Hackers Release 2GB of Stolen Data After Hitting Pensacola City of Florida with Maze Ransomware Attack


According to a report, the hackers who launched a Maze ransomware attack on the Pensacola City of Florida have released 2GB of the stolen data. The malicious actors reportedly took this step to prove to the mass media that they really did infect the Pensacola City system and made away with a large amount of data.

During the incident, the City suspended its network because the impact of the breach was severe. It is now likely that the hackers will go on to upload more of the data to the dark web for sale to other criminals.

On 7 December 2019, the Pensacola City of Florida experienced a sudden error in its network that affected operations. Shortly after the incident, the IT department tried their best to restore the network, but to no avail. After a brief investigation, it was discovered that the network had been interrupted by an external force using a Maze ransomware attack.

The City’s Department of Law Enforcement then reported to the County Commissioner that the incident was linked to a Maze ransomware attack, and that the malicious hackers demanded a ransom of $1 million to restore the network.


According to a report, the hackers were provoked by mass media statements doubting them and speculating that they had not exfiltrated more than a few files. In response, they released 2GB of the 32GB of stolen data as proof of their operation. The malicious actors also claim that they have no intention of putting pressure on the City. They say their decision to release part of the data obtained in the Maze ransomware attack is meant to prove that they are real, contrary to what the mass media claims.

This is not the first time hackers have hidden behind the Maze ransomware attack to obtain sensitive data from a state or city. New Orleans, a city in Louisiana, was also hit by a ransomware attack, forcing it to declare a state of emergency and shut down its network. This happened after the city discovered suspicious ransomware and a number of phishing emails.

Colin Cowie, a cybersecurity researcher, revealed that the attack was launched with Ryuk ransomware, as he observed similarities to the behavior of this ransomware on the attacked system. It is worth noting that malicious actors usually take advantage of the carelessness of employees to launch their attacks successfully.

In the case of the Maze ransomware attack, the hackers told BleepingComputer that they do not attack hospitals, cancer centers, maternity hospitals, and socially vital objects. Trying to look like a decent hacker group, they also stated that they would offer a free decryption service to any of these institutions if hackers attack them with the group's malware.

They emphasized that none of the socially significant services had suffered. According to the report, however, their Maze ransomware attack did affect telephone services and 311 customer services. From their statement, they look like a unique hacker group compared to the ones that constantly attack health services and steal patients’ data.

The report did not state whether the City has agreed to the hackers' demand, nor did it clarify whether the ransom is to be paid in Bitcoin. However, it is reported that the increase in ransomware attacks largely correlates with the increase in the Bitcoin price.

Hackers usually demand ransom in Bitcoin to benefit from its price volatility and to take advantage of the anonymity it provides. Many government and private agencies have become victims of Maze ransomware attacks, and the number of incidents continues to rise.

It is important for both government and private agencies to invest in cybersecurity, and also to train their staff so that they do not become the primary target threat actors use to penetrate their systems. Most companies have also invested heavily in cybersecurity but fail to follow some basic guidelines to protect their data, putting it at constant risk of falling into the hands of malicious actors.

Maze ransomware has been reported to use RSA-2048 and ChaCha20 encryption. According to reports, it is designed to instruct targets to contact the threat actors by email for the decryption key after making the ransom payment. In most situations, the malicious actors threaten to release the obtained information to the public or offer it to competitors if the ransom is not paid. Governments and manufacturing companies have been victims of the Maze ransomware attack, and most of them even paid the ransom in the long run.

Maze ransomware was also linked to another ransomware attack on wire and cable manufacturer Southwire, which sent it offline on 9 December 2019. After the Maze ransomware attack, the threat actors asked the company to pay a ransom of 850 bitcoins or see the obtained files released to the public. In a statement to its customers, the company said that its security monitoring system noticed the attack and activated a self-quarantine.


Another company, Busch Fresh Food Market, was affected by a Maze ransomware attack launched on 9 December 2019. This and many other companies have confirmed that they were affected by the same group of hackers, who demand a ransom before restoring their data.

In a statement, the company clarified that the ransomware that affected it was not designed to compromise its payment cards. Instead, it was designed to lock down its internal systems until a ransom is paid. The hackers behind this attack have possibly made a lot from their operation, as most companies are likely to agree to their demand in order to get their data back.

In its statement, Busch Fresh Food said that it did not pay a ransom, giving three reasons for the decision. According to the company, there was no guarantee that it would get its systems back had it paid the ransom. It also understood that the hackers could try to extort it again had it paid.

Finally, paying the ransom may give the hackers enough funds to go after other companies. Authorities have advised companies and individuals not to pay the ransom demanded by malicious actors, as it may motivate them to attack again. Instead, victims should report to the relevant agencies to bring the situation under control.

Source: CISOMAG

